https://bz.apache.org/bugzilla/show_bug.cgi?id=66025

            Bug ID: 66025
           Summary: WebappClassLoaderBase.getResources() needs partial
                    replacements
           Product: Tomcat 9
           Version: 9.0.62
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: Servlet
          Assignee: dev@tomcat.apache.org
          Reporter: apa...@froehlich-mail.net
  Target Milestone: -----

Tomcat 9.0.62 deprecated the getResource() method of WebappClassLoaderBase and
at the same time made it always return null. It is a very hard step, and I
cannot understand why the method was not removed instantly. If someone uses it,
it will now fail with an NPE somewhere at runtime, which is no better than
being uncompilable, but worse.

Anyway, virtually removing this method has some downsides that need
compensation. We're using this method for a single purpose: calling
getContext(). And this is done for three purposes:

- getting the context's name via getName()
- resolving a resource path via getRealPath(String)
- getting the context's logger via getLogger()

There's a method WebappClassLoaderBase.getContextName(). I suggest stuffing
this method with a simple String instead of extracting the name from
resources.getContext().getName(). This would be possible without any security
risk.

There should be some separate methods on the WebappClassLoaderBase to resolve
resource paths. We don't need the context for that. But the ClassLoader needs
ways to resolve paths the Tomcat way. Especially resources that are linked via
context.xml's <Resources> element must be recognized and resolved. The
getResource(String) and getResourceAsStream(String) methods (inherited from
ClassLoader) don't do that.

I guess a method getLogger() to return the context's logger would be a
no-risker.

What do you think? Would that be an option for you?
